Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux > 7.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2023-6395	The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. network low complexity rpm-software-management fedoraproject critical	9.8
2023-12-24	CVE-2023-51766	Insufficient Verification of Data Authenticity vulnerability in multiple products Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. network low complexity exim fedoraproject debian CWE-345	5.3
2023-11-09	CVE-2023-5543	When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. local low complexity moodle fedoraproject	3.3
2023-11-09	CVE-2023-5539	Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. network low complexity moodle fedoraproject CWE-94	8.8
2023-11-09	CVE-2023-5540	Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. network low complexity moodle fedoraproject CWE-94	8.8
2023-11-09	CVE-2023-5542	Exposure of Resource to Wrong Sphere vulnerability in multiple products Students in "Only see own membership" groups could see other students in the group, which should be hidden. network low complexity moodle fedoraproject CWE-668	4.3
2023-11-09	CVE-2023-5545	Exposure of Resource to Wrong Sphere vulnerability in multiple products H5P metadata automatically populated the author with the user's username, which could be sensitive information. network low complexity moodle fedoraproject CWE-668	5.3
2023-11-09	CVE-2023-5548	Insufficient Verification of Data Authenticity vulnerability in multiple products Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. network low complexity moodle fedoraproject CWE-345	5.3
2023-11-09	CVE-2023-5549	Improper Privilege Management vulnerability in multiple products Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. network low complexity moodle fedoraproject CWE-269	5.3
2023-11-09	CVE-2023-5550	In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. network low complexity moodle fedoraproject critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.